Exam SY0-601 topic 1 question 503 discussion

D. Application allow list CompTIA Security+ emphasizes the importance of application control and whitelisting as a strong security practice. An application allow list ensures that only approved and authorized applications can run on a system, effectively preventing the execution of unauthorized or potentially malicious software. This practice aligns with the principle of minimizing attack surfaces and reducing the risk of malware infections caused by inadvertently installing unapproved software. While the principle of least privilege (Option C) is also an important security principle, it focuses on restricting user permissions to the minimum necessary level. Application allow lists provide more direct protection against unauthorized software execution in the context of malware prevention.

I choose D, since an application allow list lets you only install applications on that list. An employee with least privilege can still install malware on a company if their least privilege allows for installation. Allow list is the only one that will always stop malware installation

C. Least privilege All of the options you've listed can contribute to protecting against an employee inadvertently installing malware, but the most effective strategy would likely involve a combination of these measures. However, if we have to choose the one that can best protect against such incidents, "C. Least privilege" stands out.

An employee can be the admin as well and the admin can download software. But the App allows list that can block all the malicious apps/softwares.

Least privilege is a security principle that states that users should only be granted the permissions they need to do their job. This helps to protect against malware infections by preventing users from installing unauthorized software. A host-based firewall can help to protect against malware infections by blocking malicious traffic from reaching a computer. However, it cannot prevent a user from installing malware if they have the necessary permissions.

Least privilege

It has to be A or D. Least privilege only makes sense if the employee doesn't have install privs.... The question doesn't state that is the case. It could be the system admin making a mistake. A host based firewall should scan anything attempting to be installed on the host computer and flag it as malicious, thereby stopping it from being installed in the first place. I understand that an allow list may work as well but that assumes that someone hasn't corrupted an allowed application.

NOT C, why? suppose a user's already existing privileges include software installation...how would Least Privilege help? Answer is "D"

C. Least privilege

The best way to protect against an employee inadvertently installing malware on a company system is to implement the principle of least privilege (option C). This means giving employees only the minimum level of access and permissions necessary to perform their job functions. By limiting their access to only what they need, there is less opportunity for them to inadvertently install malware or make harmful changes to the system. This is a fundamental security practice in protecting against insider threats and reducing the potential impact of security breaches.

You can implement least privileges but if I am an employee with least standard/admin privileges It won't help I am allowed to install

I would think least privilage would be the answer. as it puts a halt to how much permissions the user would have. Thus halting them from getting into deep water. For the answer to be D, wouldnt the have to know what the malware was to block it?? that would be difficult with zero days existing...

The best option to protect against an employee inadvertently installing malware on a company system is to implement the principle of least privilege. Least privilege is the practice of granting users only the minimum level of access and permissions required to perform their job duties and nothing more. By following this principle, employees will have restricted access to sensitive areas of the system, reducing the risk of accidentally installing malicious software. With least privilege, employees won't have unnecessary administrative privileges that could potentially lead to unintended actions, such as installing unauthorized or malicious software. This approach helps prevent the spread of malware and limits the potential damage that could occur if a user's account is compromised or if they inadvertently download and execute harmful files. D is also a good option here but not the best one

Application allow list does not allow the malware to run. Least privilege does not allow the malware to run too. It can even prevent the employee from downloading the malware. I choose C. Least privilege

I will go with C here

In the real world, yeah I think C would be the answer as least privilege, however at least in the Comptia books I have most refer to the concept in relation to user groups and file/resource access (IE read/write access), rather than what we know in reality to be not allowing standard users to install programs. Since the question says "installing", I'm more likely to go with D here. Just my 2 cents and I'm sure others will disagree.

The principle of least privilege ensures that users are granted only the minimum level of access necessary to perform their job responsibilities. By implementing least privilege, employees have restricted access rights and permissions, limiting their ability to install or execute unauthorized software, including malware.